September 24, 2003 at 6:48 am
Hello!
How can I store a password for a user safely? Do I use varbinary or another field type?
I want my application to use the application role, and I need this information about the password to log in. Then I'm sure that no one is able to view this site other than the SA, but that's not good enough.
Please help me.
Regards - Lars
-Lars
Please only reply to this newsgroup. All mails would be bounced back.
September 24, 2003 at 7:44 am
I would suggest that you hash the passwords and then store them in your database. This will keep anyone, even the SA, from knowing the password. Now if you do need to be able to know the password under special conditions, then encryption is an alternative. This way you can de-crypt the password if needed.
Gregory Larsen, DBA
If you are looking for SQL Server examples, check out my website at http://www.geocities.com/sqlserverexamples
Gregory A. Larsen, MVP
September 25, 2003 at 8:55 am
How to hash a password?
I am using the encrypt function, but when I run the select query with results in text mode on, I am able to see all the passwords.
I am using SQL 2000; it is not the case with SQL 7. I have checked it.
September 26, 2003 at 11:01 am
Encrypt isn't a hash. A hash is one way. SQL will de-crypt the encrypted data for you if you are SA, but data readers and writers will not be able to see it.
For application passwords, the passwords are usually hashed with md5 or sha1. -rich
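Added example, not part of any post in this thread: one way to store a one-way password hash as a binary value (suited to a varbinary column) and check a login against it without ever decrypting. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library instead of a bare md5 or sha1 digest; the function names, record layout and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct

# Assumed parameters for this example (not from the thread).
ALGO = "sha256"
ITERATIONS = 200_000
SALT_LEN = 16
HEADER = struct.Struct(">IB")  # iteration count, salt length


def hash_password(password: str, iterations: int = ITERATIONS) -> bytes:
    """Return a binary record: header | random salt | derived key."""
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return HEADER.pack(iterations, len(salt)) + salt + key


def parse_record(record: bytes):
    """Split a stored record into (iterations, salt, key); reject malformed input."""
    if len(record) < HEADER.size:
        raise ValueError("record too short")
    iterations, salt_len = HEADER.unpack_from(record)
    salt = record[HEADER.size:HEADER.size + salt_len]
    key = record[HEADER.size + salt_len:]
    if (iterations < 1 or len(salt) != salt_len
            or len(key) != hashlib.new(ALGO).digest_size):
        raise ValueError("malformed record")
    return iterations, salt, key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive the key from the candidate password; compare in constant time."""
    try:
        iterations, salt, key = parse_record(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)


def needs_rehash(record: bytes) -> bool:
    """True when the record used fewer iterations than the current setting."""
    return parse_record(record)[0] < ITERATIONS


if __name__ == "__main__":
    stored = hash_password("correct horse")  # constructed sample password
    print(len(stored), verify_password("correct horse", stored))
```

The stored record contains no recoverable password: a login is checked by hashing the submitted value with the stored salt and comparing the results.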
September 26, 2003 at 11:34 am
>How to hash a password?
>I am using the encrypt function, but when I run the select query with results in text mode on, I am able to see all the passwords.
>I am using SQL 2000; it is not the case with SQL 7. I have checked it.
I am using the encrypt function, for example:
update employee set password=encrypt(password)
But I don't know how to decrypt it.
Any suggestions?
September 29, 2003 at 5:11 am
>update employee set password=encrypt(password)
>but i don't know how to decrypt it?
Being unable to decrypt gives you better security ...
September 30, 2003 at 11:58 am
Yes, it is secure, but one of my Java applications needs the plain password, so I want to decrypt it and store it in a separate table.